For companies making programs that
show users extra pop-up ads, one persistent problem is that users are bound to
take action once their computers get too clogged with unwanted software. Find
a removal tool, hire a technician, reinstall Windows, buy a new computer, or just
stop using the Internet -- whatever users do, the pop-up companies won't make
any more money if users don't keep surfing, and don't keep clicking the ads. The
problem is all the worse because so many unwanted programs install others (usually
in exchange for a per-install commission). So if a user has one program showing
extra pop-ups, the user might soon have five more.

What's an "adware" company to do? Direct Revenue
has one idea: Delete its competitors' programs from users' hard disks. With
the other programs gone, users' computers will run more or less as usual --
showing some extra ads from Direct Revenue, but perhaps not attracting so much
attention that users take steps to remove all unwanted software.

"[Y]ou further understand and
agree, by installing the Software, that BetterInternet and/or the Software may,
without any further prior notice to you, remove, disable or render inoperative
other adware programs resident on your computer ..."

In
my recent testing, I've observed the removals Direct Revenue's EULA seems to anticipate.
And I'm not the only one: I've just received a copy of a lawsuit
filed by Avenue Media, complaining that
Direct Revenue is "systematically deleting Avenue Media's Internet Optimizer
without users' knowledge or consent." Indeed, in my November 17 testing,
I found that software installed on my PC by ABetterInternet (a product name used
by Direct Revenue) received the following instructions from its targeting server,
calling for the removal of Avenue Media's Internet Optimizer:

In my testing, Direct Revenue's
software acts on these instructions -- stopping the optimize.exe task (Internet
Optimizer's main program), then deleting the associated registry entries and program
files. So I think Avenue Media is correct as to the basic facts of what's happening.
Conveniently, in tests beginning on November 17, I even made videos showing Internet
Optimizer's software being deleted -- files eerily disappearing as Direct Revenue's
software deleted Internet Optimizer along with other targeted programs.

How do I happen to have records, logs, and even videos of events occurring
several weeks ago? As it turns out, both Internet Optimizer and Direct Revenue
were unwanted additions to my test PC: Both were installed through security
holes, much like the installations I documented in my Who
Profits from Security Holes? write-up and video last month. I've been making
more such videos -- roughly one a day for the past few weeks. So I've repeatedly
seen Direct Revenue removing Internet Optimizer.

In
my security-hole videos, I never saw nor accepted any Direct Revenue license. So,
at least as to me, Direct Revenue cannot convincingly cite its EULA to defend its
removal of Internet Optimizer. (See also my recent analysis
of Gator's EULA.) However, my test PC became noticeably faster after Direct Revenue
removed other unwanted programs that had been installed through security holes.
So, for some consumers, Direct Revenue's removal of competitors' programs may offer
a useful if surprising benefit. (Compare: Radlight
removing Ad-Aware, without any apparent benefit to consumers.)

Avenue may be suffering from wrongful behavior by Direct Revenue, but note that
Avenue has problems of its own. In my tests, Avenue's software (like Direct Revenue's)
was installed without any notice or consent whatsoever. (Again, I have video
proof.) However installed, Internet Optimizer's primary function is to show
extra advertising, primarily by replacing web browser error messages with its
own ads -- not a feature most users request. In addition, Internet Optimizer's
EULA admits to tracking
web sites visited and keywords searched. Finally, Doxdesk reports
that Internet Optimizer has (or recently had) security holes that risk unauthorized
installation of other software.

Update (February 8, 2005): Avenue Media and Direct Revenue have reportedly
reached a settlement. No money will change hands, but the companies have agreed
to no longer disable each other's software.

Removing competitors' programs is not Direct Revenue's only controversial activity.
Direct Revenue's core business is showing extra pop-up ads. Which ads? Covering
which sites? Early next year, I expect to release a report detailing some of
the advertisers supporting Direct Revenue, and showing some ads Direct Revenue
targets at certain web sites. Advance access available by request.

I also plan to present the sensitive information sent by Direct Revenue to its
servers. In recent testing, I've seen Direct Revenue collect each user's ethernet
address or "MAC address" -- a unique identifier permanently associated
with each network card (i.e. with each computer). Direct Revenue also transmits
users' Windows product IDs -- of particular interest due to their use
in Microsoft's product activation system.

I have recently observed that Direct Revenue tracks the .EXE names of all running
tasks, specifically checking for installations of certain competing programs
(including Gator and 180solutions) and for certain spyware-removal programs
(including Ad-Aware and PestPatrol). Direct Revenue checks for these programs
in the same way it checks for Internet Optimizer -- suggesting that Direct Revenue
might also target some or all of these programs for automatic deletion, just
as it automatically deleted Internet Optimizer in the log shown above. That
hypothesis is more than speculative: My November videos and packet logs show
Direct Revenue deleting not just Internet Optimizer but also ActAlert/DyFuCa,
EliteToolbar, and others.